Moxa Security Enhancement: Intel® Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391)

Low Risk | MPSA-256822 | Mar 9, 2026
Moxa
Summary

Intel Converged Security Management Engine (CSME) with Active Management Technology (AMT) on the affected Moxa device contains multiple vulnerabilities: (1) Out-of-bounds write in IPv6 subsystem (CVE-2020-8752) allowing unauthenticated privilege escalation via network access; (2) Out-of-bounds read in subsystem (CVE-2020-8747) allowing information disclosure and/or denial of service; (3) Out-of-bounds read in subsystem (CVE-2020-8749) allowing privilege escalation via adjacent network access. All three vulnerabilities require no authentication and affect Intel AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, and 14.0.45.

What this means
What could happen
An attacker on your network could exploit vulnerabilities in Intel AMT firmware to execute commands with elevated privileges, disrupt operations through denial of service, or access sensitive configuration data on affected Moxa devices without valid credentials.
Who's at risk
This affects Moxa industrial devices that contain Intel CSME with AMT functionality. Moxa manufactures industrial communication gateways, wireless access points, switches, and terminal servers deployed in critical infrastructure environments including electric utilities, water systems, and manufacturing plants. Any Moxa device with embedded Intel AMT firmware is potentially affected if running vulnerable versions.
How it could be exploited
An attacker with network access to an affected Moxa device running vulnerable Intel AMT firmware can send specially crafted network packets to trigger out-of-bounds memory operations. This could allow privilege escalation, leakage of device configuration or operational parameters, or a crash of the device's management engine that denies access to it.
Prerequisites
  • Network access to the Moxa device on its management network or the port exposed by Intel AMT (typically 16992-16993)
  • No credentials required for exploitation
  • Remotely exploitable
  • No authentication required
  • Low complexity
  • Network-accessible management interface
  • Affects device management engine which could impact operational monitoring and control
Exploitability
Unlikely to be exploited — EPSS score 0.9%
Affected products (1)
Product | Affected Versions | Fix Status
Security Enhancement: Intel® Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vul | All versions | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Intel AMT management ports (16992-16993 by default) using firewall rules to allow only authorized administrative workstations and management systems
WORKAROUND: Disable Intel AMT functionality on the Moxa device if it is not required for your operations, following Moxa's documentation for your specific device model
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact Moxa support to determine if your affected device model has a firmware update available that includes patched Intel CSME/AMT firmware (firmware versions 11.8.80, 11.12.80, 11.22.80, 12.0.70, or 14.0.45 or later for the affected subsystem)
Long-term hardening
HARDENING: Segment Moxa devices onto a dedicated management network separate from production control systems and untrusted networks to limit exposure of AMT ports
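
One way to triage an asset inventory against the fixed AMT builds listed in this advisory (an added example, not code from Moxa or Intel). It assumes AMT versions are reported as major.minor.hotfix[.build] and that the first two fields select the branch; the device names and versions in the sample are constructed.

```python
# Added example: classify Intel AMT firmware versions against the fixed
# builds named in this advisory. Not vendor code.

# Fixed hotfix level per (major, minor) branch, taken from the advisory:
# 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45.
FIXED = {(11, 8): 80, (11, 12): 80, (11, 22): 80, (12, 0): 70, (14, 0): 45}


def parse_version(text):
    """Return (major, minor, hotfix) from 'major.minor.hotfix[.build]'."""
    parts = text.strip().split(".")
    if len(parts) < 3:
        raise ValueError(f"need at least major.minor.hotfix: {text!r}")
    return tuple(int(p) for p in parts[:3])


def amt_status(version):
    """Classify one version string as 'vulnerable', 'fixed' or 'unknown'."""
    try:
        major, minor, hotfix = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable: needs manual review
    fixed_hotfix = FIXED.get((major, minor))
    if fixed_hotfix is None:
        return "unknown"  # branch not named in the advisory
    return "vulnerable" if hotfix < fixed_hotfix else "fixed"


def triage(inventory):
    """Map device name -> status for a {name: version} inventory."""
    return {name: amt_status(ver) for name, ver in inventory.items()}


# Constructed inventory: hypothetical device names and version strings.
SAMPLE = {
    "gw-plant-a": "11.8.79.3722",
    "gw-plant-b": "11.8.80.3746",
    "hmi-line-3": "12.0.45.1509",
    "edge-lab-1": "14.0.45.1389",
    "legacy-box": "9.1.40",
}

if __name__ == "__main__":
    for name, status in sorted(triage(SAMPLE).items()):
        print(f"{name:12} {SAMPLE[name]:14} {status}")
```

Devices reported as "unknown" are on a branch the advisory does not list, or returned a version that could not be parsed, and need manual review rather than being treated as fixed.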